Skype quickly responded on its security blog, noting that the company was already aware of the issue by the time Maddern reported it and had in fact issued a fix for it as part of a minor update to Skype for Mac released on April 14th. But because exploits for the vulnerability had not been reported in the wild, the company opted not to prompt existing users to apply the update.

Emphasis mine, natch. So Skype's not going to protect their users until after a few of them have been hacked completely? The whole point of Maddern emailing them that he'd found the issue is that, as soon as he discovered it, the exploit was in the wild. At least one fellow could have already completely compromised any Mac Skype user who accepted his messages.